identity

package
v0.5.3-alpha.1.pre.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 27, 2020 License: Apache-2.0 Imports: 34 Imported by: 1

Documentation

Index

Constants

View Source
const (
	VerifiableAddressTypeEmail VerifiableAddressType = AddressTypeEmail

	VerifiableAddressStatusPending   VerifiableAddressStatus = "pending"
	VerifiableAddressStatusCompleted VerifiableAddressStatus = "completed"
)
View Source
const AddressTypeEmail = "email"
View Source
const RouteBase = "/identities"

Variables

View Source
var ErrProtectedFieldModified = herodot.ErrForbidden.
	WithReasonf(`A field was modified that updates one or more credentials-related settings. This action was blocked because an unprivileged method was used to execute the update. This is either a configuration issue or a bug and should be reported to the system administrator.`)

Functions

func CredentialsEqual

func CredentialsEqual(a, b map[CredentialsType]Credentials) bool

func ManagerAllowWriteProtectedTraits

func ManagerAllowWriteProtectedTraits(options *managerOptions)

func ManagerExposeValidationErrorsForInternalTypeAssertion

func ManagerExposeValidationErrorsForInternalTypeAssertion(options *managerOptions)

func TestPool

func TestPool(p PrivilegedPool) func(t *testing.T)

Types

type ActiveCredentialsCounter

type ActiveCredentialsCounter interface {
	ID() CredentialsType
	CountActiveCredentials(cc map[CredentialsType]Credentials) (int, error)
}

swagger:ignore

type ActiveCredentialsCounterStrategyProvider

type ActiveCredentialsCounterStrategyProvider interface {
	ActiveCredentialsCounterStrategies() []ActiveCredentialsCounter
}

swagger:ignore

type Configuration

type Configuration interface {
	SelfAdminURL() *url.URL
	DefaultIdentityTraitsSchemaURL() *url.URL
}

type CreateIdentity

type CreateIdentity struct {
	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
	//
	// required: true
	// in: body
	SchemaID string `json:"schema_id"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_url`.
	//
	// required: true
	// in: body
	Traits json.RawMessage `json:"traits"`
}

type CredentialIdentifier

type CredentialIdentifier struct {
	ID         uuid.UUID `db:"id"`
	Identifier string    `db:"identifier"`
	// IdentityCredentialsID is a helper struct field for gobuffalo.pop.
	IdentityCredentialsID uuid.UUID `json:"-" db:"identity_credential_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" db:"updated_at"`
}

swagger:ignore

func (CredentialIdentifier) TableName

func (c CredentialIdentifier) TableName() string

type CredentialIdentifierCollection

type CredentialIdentifierCollection []CredentialIdentifier

swagger:ignore

func (CredentialIdentifierCollection) TableName

func (c CredentialIdentifierCollection) TableName() string

type Credentials

type Credentials struct {
	ID uuid.UUID `json:"-" db:"id"`

	CredentialTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`

	// Type discriminates between different types of credentials.
	Type CredentialsType `json:"type" db:"-"`

	// Identifiers represents a list of unique identifiers this credential type matches.
	Identifiers []string `json:"identifiers" db:"-"`

	// Config contains the concrete credential payload. This might contain the bcrypt-hashed password, or the email
	// for passwordless authentication.
	Config sqlxx.JSONRawMessage `json:"config" db:"config"`

	IdentityID                     uuid.UUID                      `json:"-" faker:"-" db:"identity_id"`
	CredentialIdentifierCollection CredentialIdentifierCollection `json:"-" faker:"-" has_many:"identity_credential_identifiers" fk_id:"identity_credential_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" db:"updated_at"`
}

Credentials represents a specific credential type

swagger:model identityCredentials

func (Credentials) TableName

func (c Credentials) TableName() string

type CredentialsCollection

type CredentialsCollection []Credentials

swagger:ignore

func (CredentialsCollection) TableName

func (c CredentialsCollection) TableName() string

type CredentialsType

type CredentialsType string

CredentialsType represents several different credential types, like password credentials, passwordless credentials, and so on.

const (
	CredentialsTypePassword CredentialsType = "password"
	CredentialsTypeOIDC     CredentialsType = "oidc"
)

func (CredentialsType) String

func (c CredentialsType) String() string

type CredentialsTypeTable

type CredentialsTypeTable struct {
	ID   uuid.UUID       `json:"-" db:"id"`
	Name CredentialsType `json:"-" db:"name"`
}

swagger:ignore

func (CredentialsTypeTable) TableName

func (c CredentialsTypeTable) TableName() string

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler

func NewHandler(
	c Configuration,
	r handlerDependencies,
) *Handler

func (*Handler) RegisterAdminRoutes

func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)

type HandlerProvider

type HandlerProvider interface {
	IdentityHandler() *Handler
}

type Identity

type Identity struct {

	// ID is a unique identifier chosen by you. It can be a URN (e.g. "arn:aws:iam::123456789012"),
	// a stringified integer (e.g. "123456789012"), a uuid (e.g. "9f425a8d-7efc-4768-8f23-7647a74fdf13"). It is up to you
	// to pick a format you'd like. It is discouraged to use a personally identifiable value here, like the username
	// or the email, as this field is immutable.
	//
	// required: true
	ID uuid.UUID `json:"id" faker:"-" db:"id"`

	// Credentials represents all credentials that can be used for authenticating this identity.
	Credentials map[CredentialsType]Credentials `json:"-" faker:"-" db:"-"`

	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
	//
	// required: true
	SchemaID string `json:"schema_id" faker:"-" db:"schema_id"`

	// SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.
	//
	// format: url
	// required: true
	SchemaURL string `json:"schema_url" faker:"-" db:"-"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_url`.
	//
	// required: true
	Traits Traits `json:"traits" faker:"-" db:"traits"`

	// VerifiableAddresses contains all the addresses that can be verified by the user.
	//
	// Extensions:
	// ---
	// x-omitempty: true
	// ---
	VerifiableAddresses []VerifiableAddress `json:"verifiable_addresses,omitempty" faker:"-" has_many:"identity_verifiable_addresses" fk_id:"identity_id"`

	// RecoveryAddresses contains all the addresses that can be used to recover an identity.
	//
	// Extensions:
	// ---
	// x-omitempty: true
	// ---
	RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty" faker:"-" has_many:"identity_recovery_addresses" fk_id:"identity_id"`

	// CredentialsCollection is a helper struct field for gobuffalo.pop.
	CredentialsCollection CredentialsCollection `json:"-" faker:"-" has_many:"identity_credentials" fk_id:"identity_id"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" db:"updated_at"`
	// contains filtered or unexported fields
}

Identity represents an ORY Kratos identity

An identity can be a real human, a service, an IoT device - everything that can be described as an "actor" in a system.

swagger:model identity

func NewIdentity

func NewIdentity(traitsSchemaID string) *Identity

func (*Identity) CopyWithoutCredentials

func (i *Identity) CopyWithoutCredentials() *Identity

func (*Identity) GetCredentials

func (i *Identity) GetCredentials(t CredentialsType) (*Credentials, bool)

func (*Identity) ParseCredentials

func (i *Identity) ParseCredentials(t CredentialsType, config interface{}) (*Credentials, error)

func (*Identity) SetCredentials

func (i *Identity) SetCredentials(t CredentialsType, c Credentials)

func (*Identity) SetSecurityAnswers

func (i *Identity) SetSecurityAnswers(answers map[string]string)

func (Identity) TableName

func (i Identity) TableName() string

type ManagementProvider

type ManagementProvider interface {
	IdentityManager() *Manager
}

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager

func NewManager(r managerDependencies, c configuration.Provider) *Manager

func (*Manager) Create

func (m *Manager) Create(ctx context.Context, i *Identity, opts ...ManagerOption) error

func (*Manager) Update

func (m *Manager) Update(ctx context.Context, updated *Identity, opts ...ManagerOption) error

func (*Manager) UpdateSchemaID

func (m *Manager) UpdateSchemaID(ctx context.Context, id uuid.UUID, schemaID string, opts ...ManagerOption) error

func (*Manager) UpdateTraits

func (m *Manager) UpdateTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) error

type ManagerOption

type ManagerOption func(*managerOptions)

type Pool

type Pool interface {
	// ListIdentities lists all identities in the store given the page and itemsPerPage.
	ListIdentities(ctx context.Context, page, itemsPerPage int) ([]Identity, error)

	// CountIdentities counts the number of identities in the store.
	CountIdentities(ctx context.Context) (int64, error)

	// GetIdentity returns an identity by its id. Will return an error if the identity does not exist or backend
	// connectivity is broken.
	GetIdentity(context.Context, uuid.UUID) (*Identity, error)

	// FindVerifiableAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
	FindVerifiableAddressByValue(ctx context.Context, via VerifiableAddressType, address string) (*VerifiableAddress, error)

	// FindRecoveryAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
	FindRecoveryAddressByValue(ctx context.Context, via RecoveryAddressType, address string) (*RecoveryAddress, error)
}

type PoolProvider

type PoolProvider interface {
	IdentityPool() Pool
}

type PrivilegedPool

type PrivilegedPool interface {
	Pool

	// FindByCredentialsIdentifier returns an identity by querying for it's credential identifiers.
	FindByCredentialsIdentifier(ctx context.Context, ct CredentialsType, match string) (*Identity, *Credentials, error)

	// Delete removes an identity by its id. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	DeleteIdentity(context.Context, uuid.UUID) error

	// UpdateVerifiableAddress
	UpdateVerifiableAddress(ctx context.Context, address *VerifiableAddress) error

	// Create creates an identity. It is capable of setting credentials without encoding. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	CreateIdentity(context.Context, *Identity) error

	// UpdateIdentity updates an identity including its confidential / privileged / protected data.
	UpdateIdentity(context.Context, *Identity) error

	// GetIdentityConfidential returns the identity including it's raw credentials. This should only be used internally.
	GetIdentityConfidential(context.Context, uuid.UUID) (*Identity, error)

	// ListVerifiableAddresses lists all tracked verifiable addresses, regardless of whether they are already verified
	// or not.
	ListVerifiableAddresses(ctx context.Context, page, itemsPerPage int) ([]VerifiableAddress, error)

	// ListRecoveryAddresses lists all tracked recovery addresses.
	ListRecoveryAddresses(ctx context.Context, page, itemsPerPage int) ([]RecoveryAddress, error)
}

type PrivilegedPoolProvider

type PrivilegedPoolProvider interface {
	PrivilegedIdentityPool() PrivilegedPool
}

type RecoveryAddress

type RecoveryAddress struct {
	// required: true
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// required: true
	Value string `json:"value" db:"value"`

	// required: true
	Via RecoveryAddressType `json:"via" db:"via"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
}

swagger:model recoveryIdentityAddress

func NewRecoveryEmailAddress

func NewRecoveryEmailAddress(
	value string,
	identity uuid.UUID,
) *RecoveryAddress

func (RecoveryAddress) TableName

func (a RecoveryAddress) TableName() string

type RecoveryAddressStatus

type RecoveryAddressStatus string

RecoveryAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema.

type RecoveryAddressType

type RecoveryAddressType string

RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.

const (
	RecoveryAddressTypeEmail RecoveryAddressType = AddressTypeEmail
)

func (RecoveryAddressType) HTMLFormInputType

func (v RecoveryAddressType) HTMLFormInputType() string

type Registry

type Registry interface {
	IdentityPool() Pool
}

type SchemaExtensionCredentials

type SchemaExtensionCredentials struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionCredentials

func NewSchemaExtensionCredentials(i *Identity) *SchemaExtensionCredentials

func (*SchemaExtensionCredentials) Finish

func (r *SchemaExtensionCredentials) Finish() error

func (*SchemaExtensionCredentials) Run

func (r *SchemaExtensionCredentials) Run(_ jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type SchemaExtensionRecovery

type SchemaExtensionRecovery struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionRecovery

func NewSchemaExtensionRecovery(i *Identity) *SchemaExtensionRecovery

func (*SchemaExtensionRecovery) Finish

func (r *SchemaExtensionRecovery) Finish() error

func (*SchemaExtensionRecovery) Run

func (r *SchemaExtensionRecovery) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type SchemaExtensionVerification

type SchemaExtensionVerification struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionVerification

func NewSchemaExtensionVerification(i *Identity, lifespan time.Duration) *SchemaExtensionVerification

func (*SchemaExtensionVerification) Finish

func (r *SchemaExtensionVerification) Finish() error

func (*SchemaExtensionVerification) Run

func (r *SchemaExtensionVerification) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type Traits

type Traits json.RawMessage

func (Traits) MarshalJSON

func (t Traits) MarshalJSON() ([]byte, error)

MarshalJSON returns m as the JSON encoding of m.

func (*Traits) Scan

func (t *Traits) Scan(value interface{}) error

func (*Traits) String

func (t *Traits) String() string

func (*Traits) UnmarshalJSON

func (t *Traits) UnmarshalJSON(data []byte) error

UnmarshalJSON sets *m to a copy of data.

func (Traits) Value

func (t Traits) Value() (driver.Value, error)

type UpdateIdentity

type UpdateIdentity struct {
	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set
	// will update the Identity's SchemaID.
	SchemaID string `json:"schema_id"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_id`.
	//
	// required: true
	Traits json.RawMessage `json:"traits"`
}

type ValidationProvider

type ValidationProvider interface {
	IdentityValidator() *Validator
}

type Validator

type Validator struct {
	// contains filtered or unexported fields
}

func NewValidator

func NewValidator(d validatorDependencies, c configuration.Provider) *Validator

func (*Validator) Validate

func (v *Validator) Validate(i *Identity) error

func (*Validator) ValidateWithRunner

func (v *Validator) ValidateWithRunner(i *Identity, runners ...schema.Extension) error

type VerifiableAddress

type VerifiableAddress struct {
	// required: true
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// required: true
	Value string `json:"value" db:"value"`

	// required: true
	Verified bool `json:"verified" db:"verified"`

	// required: true
	Via VerifiableAddressType `json:"via" db:"via"`

	// required: true
	Status VerifiableAddressStatus `json:"status" db:"status"`

	VerifiedAt sqlxx.NullTime `json:"verified_at" faker:"-" db:"verified_at"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
}

swagger:model verifiableIdentityAddress

func NewVerifiableEmailAddress

func NewVerifiableEmailAddress(
	value string,
	identity uuid.UUID,
) *VerifiableAddress

func (VerifiableAddress) TableName

func (a VerifiableAddress) TableName() string

type VerifiableAddressStatus

type VerifiableAddressStatus string

VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema.

type VerifiableAddressType

type VerifiableAddressType string

VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.

func (VerifiableAddressType) HTMLFormInputType

func (v VerifiableAddressType) HTMLFormInputType() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL